Add the content type attribute to additional CMS signerinfo.
author Shane Lontis <shane.lontis@oracle.com>
Mon, 3 Jun 2019 05:19:48 +0000 (15:19 +1000)
committer Shane Lontis <shane.lontis@oracle.com>
Mon, 3 Jun 2019 05:25:10 +0000 (15:25 +1000)
commit d63d841fb510a920275c66d3e486089c5c718797
tree d031da4cb1262fd7a4f1dfc6709524abceb97be8
parent 9517295b7f3c3ea7bed254b426ee45dcb60e655a
Add the content type attribute to additional CMS signerinfo.

Fixes #8923

Found using the openssl cms -resign option.
This uses an alternate path to do the signing which was not adding the required signed attribute
content type. The content type attribute should always exist since it is required if there are
any signed attributes.
As the signing time attribute is always added in code, the content type attribute is also required.
The CMS_si_check_attributes() method adds validity checks for signed and unsigned attributes
e.g. The message digest attribute is a signed attribute that must exist if any signed attributes
exist, it cannot be an unsigned attribute and there must only be one instance containing a single
value.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8944)

(cherry picked from commit 19e512a8244a6f527d0194339a8f9fc45468537a)
crypto/cms/cms_att.c
crypto/cms/cms_err.c
crypto/cms/cms_lcl.h
crypto/cms/cms_sd.c
crypto/err/openssl.txt
include/openssl/cmserr.h
test/recipes/80-test_cms.t
test/recipes/80-test_cms_data/bad_signtime_attr.cms [new file with mode: 0644]
test/recipes/80-test_cms_data/ct_multiple_attr.cms [new file with mode: 0644]
test/recipes/80-test_cms_data/no_ct_attr.cms [new file with mode: 0644]
test/recipes/80-test_cms_data/no_md_attr.cms [new file with mode: 0644]
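
The attribute rules stated in the commit message (content type and message digest must be present when any signed attribute exists, must not be unsigned, and must occur once with a single value), as an added example that is not OpenSSL's code. The struct, error codes, attribute name strings and sample sets are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Simplified model (assumption): an attribute is a name plus a value count.
 * Not OpenSSL's data structures or its CMS_si_check_attributes() code. */
struct attr { const char *name; int nvalues; };
enum { ATTR_OK, ERR_MISSING, ERR_DUPLICATE, ERR_VALUE_COUNT, ERR_UNSIGNED };

/* Count instances of name; report the value count of the last match. */
static int count_attr(const struct attr *a, int n, const char *name, int *nv)
{
    int i, hits = 0;
    for (i = 0; i < n; i++)
        if (strcmp(a[i].name, name) == 0) { hits++; *nv = a[i].nvalues; }
    return hits;
}

/* One mandatory signed attribute: signed only, one instance, one value. */
static int check_required(const struct attr *s, int ns,
                          const struct attr *u, int nu, const char *name)
{
    int nv = 0, unused = 0, hits;
    if (count_attr(u, nu, name, &unused) > 0)
        return ERR_UNSIGNED;
    hits = count_attr(s, ns, name, &nv);
    if (hits == 0)
        return ns > 0 ? ERR_MISSING : ATTR_OK; /* needed only with signed attrs */
    if (hits > 1)
        return ERR_DUPLICATE;
    return nv == 1 ? ATTR_OK : ERR_VALUE_COUNT;
}

int check_signer_attrs(const struct attr *s, int ns, const struct attr *u, int nu)
{
    int rc = check_required(s, ns, u, nu, "contentType");
    return rc != ATTR_OK ? rc : check_required(s, ns, u, nu, "messageDigest");
}

/* Constructed sample attribute sets (not taken from the commit's test files). */
static const struct attr good[]    = {{"contentType",1},{"signingTime",1},{"messageDigest",1}};
static const struct attr no_ct[]   = {{"signingTime",1},{"messageDigest",1}};
static const struct attr dup_ct[]  = {{"contentType",1},{"contentType",1},{"messageDigest",1}};
static const struct attr md_only[] = {{"messageDigest",1}};
int main(void)
{
    printf("good=%d no_ct=%d dup_ct=%d unsigned_md=%d\n",
           check_signer_attrs(good, 3, NULL, 0), check_signer_attrs(no_ct, 2, NULL, 0),
           check_signer_attrs(dup_ct, 3, NULL, 0), check_signer_attrs(good, 3, md_only, 1));
    return 0;
}
```

The `no_ct` set models the case the message describes, where signing time is added but content type is not.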